This section covers crucial network services everyone uses in today’s networks, such as DHCP, DNS & NAT.
DHCP – Dynamic Host Configuration Protocol allows you to assign IP addresses, subnet masks, default gateways, DNS server addresses and a lot more to the clients on your network.
- Static v Dynamic IP Addressing – In general, all client computers on a network should obtain their IP address from a DHCP server. However, this is not necessarily the case for servers, printers, plotters and router interfaces, which should be configured with a static IP address so that it does not change.
- Reservations – A specific IP address assignment permanently reserved for a specific DHCP client. Configured in the DHCP server, this same IP address will always be assigned to the same specific client.
- Scopes – A consecutive range of IP addresses the DHCP server can allocate to clients.
- Leases – The length of time the DHCP client is assigned the IP address. Before the lease expires, the DHCP client must ask the DHCP server to renew the lease.
- Options – It’s possible to configure the DHCP server to give clients information relating to other services on the network. This might include the addresses of the DNS servers, WINS servers and the default gateway.
- DHCP Relay – DHCP communication from devices attempting to receive an IP address uses broadcasts. Because routers typically do not pass broadcast traffic, organizations would be forced to have a DHCP server on every subnet that requires the functionality. Fortunately, a DHCP relay agent can be installed on the network that does not have the DHCP server, and the relay will forward messages to and from the clients and server.
DNS – The Domain Name Service resolves user-friendly names such as www.techsupportpro.uk into an IP address that’s used on the local network or the Internet.
- DNS Servers – Contain the software used to resolve host names to IP addresses. They can be standalone, configured as a primary or secondary, or, most commonly, Active Directory integrated. They often exchange DNS zone data with other DNS servers on the network through a process called zone transfer.
- DNS Records – There are many different types of records used by DNS, and each type has a specific purpose in name resolution:
  - A – Used to resolve a host name to an IPv4 address.
  - MX – Mail Exchange, specifies the mail server responsible for the network.
  - AAAA – Used to resolve a host name to an IPv6 address.
  - CNAME – Canonical Name, aliases to other records that make the DNS server more flexible.
  - PTR – Used for reverse lookups, IP address to host name.
  - SRV – Service record, specifies the host name and IP address of servers which provide specific services, such as an ADDC.
- Dynamic DNS – Allows a DHCP client to notify the DNS server.
NAT – Network Address Translation is a service that translates one set of IP addresses into another set. It’s most commonly used between a private network and the Internet. It can also be used to translate a group of global internal addresses into a group of global external addresses. The diagram below demonstrates how NAT can be used. In this example, the IP addresses of clients on the private network are translated into publicly routable addresses that can be used for communication on the Internet.
PAT – Port Address Translation. When you have two or more clients that share the same external IP address, the only way to keep network communication separate is by use of port designation. In the diagram below, all three clients on the private network use the same 184.108.40.206 external IP address. PAT changes the source address of the network traffic by adding a port address to it. Any inbound traffic coming back from the Internet will then use the same port, and PAT will be able to direct the traffic back to the correct client by matching the port address.
SNAT – Source network address translation only translates the source address of outgoing packets.
DNAT – Destination network address translation only translates the destination address of outgoing packets. It’s often used in conjunction with SNAT.
Port Forwarding – Used to allow remote computers to connect to a computer or service running within your private IP network. The service or computer on the private network must be identifiable by IP port number. So, network traffic that contains that specific port number will be directed to that specific service.
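The PAT and port forwarding behaviour described above can be modelled as a translation table, shown here as an added example that is not part of the original notes. The class and function names are hypothetical, all addresses and ports are constructed (RFC 1918 and RFC 5737 ranges), and the model is simplified: a real gateway also tracks the protocol and the remote endpoint.

```python
# Added example: a minimal PAT table with one static port-forward entry.
# Addresses and ports are constructed sample values, not from the page.
from itertools import count


class PatGateway:
    def __init__(self, external_ip, first_port=40000):
        self.external_ip = external_ip
        self._next_port = count(first_port)
        self.outbound = {}  # (private_ip, private_port) -> external_port
        self.inbound = {}   # external_port -> (private_ip, private_port)

    def translate_out(self, private_ip, private_port):
        """Rewrite the source of an outgoing packet, reusing any mapping."""
        key = (private_ip, private_port)
        if key not in self.outbound:
            ext_port = next(self._next_port)
            while ext_port in self.inbound:  # skip ports held by forwards
                ext_port = next(self._next_port)
            self.outbound[key] = ext_port
            self.inbound[ext_port] = key
        return self.external_ip, self.outbound[key]

    def add_port_forward(self, external_port, private_ip, private_port):
        """Static mapping: traffic to external_port reaches one service."""
        if external_port in self.inbound:
            raise ValueError(f"external port {external_port} already mapped")
        self.inbound[external_port] = (private_ip, private_port)

    def translate_in(self, external_port):
        """Return the private destination, or None when nothing is mapped."""
        return self.inbound.get(external_port)


def demo():
    gw = PatGateway("203.0.113.10")
    gw.add_port_forward(443, "192.168.1.50", 8443)
    # Three clients pick the same source port; PAT keeps them apart.
    clients = ["192.168.1.11", "192.168.1.12", "192.168.1.13"]
    out = [gw.translate_out(ip, 51000) for ip in clients]
    replies = [gw.translate_in(port) for _, port in out]
    # 443 hits the forward; 4444 has no mapping, so it is dropped (None).
    return out, replies, gw.translate_in(443), gw.translate_in(4444)


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Inbound traffic reaches a private host only through a table entry, so each port forward is a deliberate exposure of one internal service and belongs in any review of what the network offers to the Internet.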
Proxy & Reverse Proxy – Proxy servers typically make connections to the Internet on behalf of internal clients. Reverse proxy servers can be used to protect the identity of highly secure servers within your organization.
So there you have it, section 1.3 of the Net+ cert.